epan/dissectors/packet-udp.h

   1 /* packet-udp.h
   2  *
   3  * Wireshark - Network traffic analyzer
   4  * By Gerald Combs <gerald@wireshark.org>
   5  * Copyright 1998 Gerald Combs
   6  *
   7  *
   8  * SPDX-License-Identifier: GPL-2.0-or-later
   9  */
  10
  11 #ifndef __PACKET_UDP_H__
  12 #define __PACKET_UDP_H__
  13
  14 #include "ws_symbol_export.h"
  15
  16 #include <epan/conversation.h>
  17
  18 #ifdef __cplusplus
  19 extern "C" {
  20 #endif /* __cplusplus */
  21
  22 /* UDP structs and definitions */
  23 typedef struct _e_udphdr {
  24     uint16_t uh_sport;
  25     uint16_t uh_dport;
  26     uint32_t uh_ulen;
  27     uint32_t uh_sum_cov;
  28     uint16_t uh_sum;
  29     uint32_t uh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */
  30     address ip_src;
  31     address ip_dst;
  32 } e_udphdr;
  33
  34 /* Conversation and process structures originally copied from packet-tcp.c */
  35 typedef struct _udp_flow_t {
  36     /* Process info, currently discovered via IPFIX */
  37     uint32_t process_uid;    /* UID of local process */
  38     uint32_t process_pid;    /* PID of local process */
  39     char *username;        /* Username of the local process */
  40     char *command;         /* Local process name + path + args */
  41 } udp_flow_t;
  42
  43 struct udp_analysis {
  44     /* These two structs are managed based on comparing the source
  45      * and destination addresses and, if they're equal, comparing
  46      * the source and destination ports.
  47      *
  48      * If the source is greater than the destination, then stuff
  49      * sent from src is in ual1.
  50      *
  51      * If the source is less than the destination, then stuff
  52      * sent from src is in ual2.
  53      *
  54      * XXX - if the addresses and ports are equal, we don't guarantee
  55      * the behavior.
  56      */
  57     udp_flow_t  flow1;
  58     udp_flow_t  flow2;
  59
  60     /* These pointers are set by get_udp_conversation_data()
  61      * fwd point in the same direction as the current packet
  62      * and rev in the reverse direction
  63      */
  64     udp_flow_t  *fwd;
  65     udp_flow_t  *rev;
  66
  67     /* Keep track of udp stream numbers instead of using the conversation
  68      * index (as how it was done before). This prevents gaps in the
  69      * stream index numbering
  70      */
  71     uint32_t    stream;
  72
  73     /* Keep track of packet number within the UDP stream */
  74     uint32_t    pnum;
  75
  76     /* Remember the timestamp of the first frame seen in this udp
  77      * conversation to be able to calculate a relative time compared
  78      * to the start of this conversation
  79      */
  80     nstime_t    ts_first;
  81
  82     /* Remember the timestamp of the frame that was last seen in this
  83      * udp conversation to be able to calculate a delta time compared
  84      * to previous frame in this conversation
  85      */
  86     nstime_t    ts_prev;
  87 };
  88
  89 /** Associate process information with a given flow
  90  *
  91  * @param frame_num The frame number
  92  * @param local_addr The local IPv4 or IPv6 address of the process
  93  * @param remote_addr The remote IPv4 or IPv6 address of the process
  94  * @param local_port The local TCP port of the process
  95  * @param remote_port The remote TCP port of the process
  96  * @param uid The numeric user ID of the process
  97  * @param pid The numeric PID of the process
  98  * @param username Ephemeral string containing the full or partial process name
  99  * @param command Ephemeral string containing the full or partial process name
 100  */
 101 extern void
 102 add_udp_process_info(uint32_t frame_num, address *local_addr, address *remote_addr,
 103                      uint16_t local_port, uint16_t remote_port,
 104                      uint32_t uid, uint32_t pid,
 105                      char *username, char *command);
 106
 107 /** Get the current number of UDP streams
 108  *
 109  * @return The number of UDP streams
 110  */
 111 WS_DLL_PUBLIC uint32_t
 112 get_udp_stream_count(void);
 113
 114 WS_DLL_PUBLIC void
 115 decode_udp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, int);
 116
 117 WS_DLL_PUBLIC struct udp_analysis *
 118 get_udp_conversation_data(conversation_t *, packet_info *);
 119
 120 /*
 121  * Loop for dissecting PDUs within a UDP packet; Similar to tcp_dissect_pdus,
 122  * but doesn't have stream support. Assumes that a PDU consists of a
 123  * fixed-length chunk of data that contains enough information
 124  * to determine the length of the PDU, followed by rest of the PDU.
 125  *
 126  * @param tvb the tvbuff with the (remaining) packet data passed to dissector
 127  * @param pinfo the packet info of this packet (additional info) passed to dissector
 128  * @param tree the protocol tree to be build or NULL passed to dissector
 129  * @param fixed_len is the length of the fixed-length part of the PDU.
 130  * @param heuristic_check is the optional routine called to see if dissection
 131  * should be done; it's passed "pinfo", "tvb", "offset" and "dissector_data".
 132  * @param get_pdu_len is a routine called to get the length of the PDU from
 133  * the fixed-length part of the PDU; it's passed "pinfo", "tvb", "offset" and
 134  * "dissector_data".
 135  * @param dissect_pdu the sub-dissector to be called
 136  * @param dissector_data parameter to pass to subdissector
 137  */
 138 WS_DLL_PUBLIC int
 139 udp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
 140                  unsigned fixed_len,
 141                  bool (*heuristic_check)(packet_info *, tvbuff_t *, int, void*),
 142                  unsigned (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*),
 143                  dissector_t dissect_pdu, void* dissector_data);
 144
 145 extern char *udp_follow_address_filter(address *src_addr, address *dst_addr, int src_port, int dst_port);
 146
 147 #ifdef __cplusplus
 148 }
 149 #endif /* __cplusplus */
 150
 151 #endif